RHSA-2025:7315MediumCVSS 7.5
Red Hat Security Advisory: php security update
🔗 CVE IDs covered (9)
📋 Description
CVE-2024-2756 — php: host/secure cookie bypass due to partial CVE-2022-31629 fix CVE-2024-3096 — php: password_verify can erroneously return true, opening ATO risk CVE-2024-5458 — php: Filter bypass in filter_var (FILTER_VALIDATE_URL) CVE-2024-8925 — php: Erroneous parsing of multipart form data CVE-2024-8927 — php: cgi.force_redirect configuration is bypassable due to the environment variable collision CVE-2024-8929 — php: Leak partial content of the heap through heap buffer over-read in mysqlnd CVE-2024-9026 — php: PHP-FPM Log Manipulation Vulnerability CVE-2024-11233 — php: Single byte overread with convert.quoted-printable-decode filter CVE-2024-11234 — php: Configuring a proxy in a stream context might allow for CRLF injection in URIs
🔗 References (14)
- selfhttps://access.redhat.com/errata/RHSA-2025:7315
- externalhttps://docs.redhat.com/en/documentation/red_hat_enterprise_linux/9/html/9.6_release_notes/index
- externalhttps://access.redhat.com/security/updates/classification/#moderate
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2275058
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2275061
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2291252
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2317049
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2317051
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2317144
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2327960
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2328521
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=2328523
- externalhttps://issues.redhat.com/browse/RHEL-71275
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_7315.json